Import existing key to Nitrokey HSM2

I’m trying to import an existing key into a Nitrokey HSM 2.

  • It appears the PKCS11 interface does not implement C_WrapKey and C_UnwrapKey.
  • I’ve not been successful importing a PKCS#12 container.

I’ve tried the methodology discussed in other threads here, using openssl to convert my keys into a p12 container:

If I generate a test key and convert to a PKCS#12 container as follows:

openssl genrsa -f4 2048 >test0.pem
openssl req -new -x509 -key test0.pem -out test_cert.pem -days 9999 -subj "/C=US/ST=California/L=SanJose/O=cfrantz/CN=project"
openssl pkcs12 -export -out test_cert.p12 -inkey test0.pem -in test_cert.pem --passout pass:abc123

And then try to import test_cert.p12 via the Smart Cart Shell, the shell always responds with:

Derive DKEK share encryption key (Step 1 of 3)...
Derive DKEK share encryption key (Step 2 of 3)...
Derive DKEK share encryption key (Step 3 of 3)...
GPError: KeyStore (CRYPTO_FAILED/0) - "Loading KeyStore failed: exception decrypting data - javax.crypto.BadPaddingException: pad block corrupted" in /home/cfrantz/CardContact/scsh3/keymanager/keymanager.js#2177
    at /home/cfrantz/CardContact/scsh3/keymanager/keymanager.js#2177
    at /home/cfrantz/CardContact/scsh3/keymanager/keymanager.js#2364

I’m using OpenSSL 3.0.7 and scsh3.17.584. What am I doing wrong?


Looking at

Did you import your DKEK share? Can you show us if the DKEK has been imported correctly?

I’ve followed the instruction on the linked page. Afterwards my device shows DKEK with KCV <hex> (It also did before, but I redid the procedure just in case I’d made a mistake).

However, I’m still unable to import my PKCS#12 container (same failure message).

I’ve attached my test keys & certificate (this key is for testing only. I intend to discard it after debugging this issue). (5.2 KB)

Thanks for your help,

Tried that myself and it worked as expected:

Can you try the following command in the Smart Card Shell:

>var p12 = new KeyStore("BC", "PKCS12", "test_cert.p12", "abc123");

What Java version are you using ? Mine is Java 11.

I’m using my system’s default install of java:

$ java --version
openjdk 17.0.6 2023-01-17
OpenJDK Runtime Environment (build 17.0.6+10-Debian-1)
OpenJDK 64-Bit Server VM (build 17.0.6+10-Debian-1, mixed mode, sharing)

I get the same error when I create the KeyStore object at the shell.

I installed jdk 11 from After re-arranging the scsh3gui invocation a bit, I’m able to import my test PKCS12 container.

$HOME/jdk-11/bin/java \
    -Dorg.bouncycastle.asn1.allow_unsafe_integer=true \
    -Djava.library.path=./lib \ \
    -classpath 'lib/*' \

Thanks again for your assistance.

For what it’s worth, I tried several versions of the java jdk from

The KeyStore loading command posted above appears to work on jdks 11-16. It fails on jdks 17 and beyond, always complaining about corrupted padding:

>var p12 = new KeyStore("BC", "PKCS12", "test_cert/test_cert.p12", "abc123");
GPError: KeyStore (CRYPTO_FAILED/0) - "Loading KeyStore failed: exception decrypting data - javax.crypto.BadPaddingException: pad block corrupted" in shell#0

Considering the failure happens with the official JDK releases, I don’t think the problem is related to Debian’s particular build/packaging of Java.

Standard Sun crypto provider has no issues reading your PKCS#12 file:

$ /usr/local/openjdk17/bin/java -version
openjdk version "17.0.6" 2023-01-17
OpenJDK Runtime Environment (build 17.0.6+10-1)
OpenJDK 64-Bit Server VM (build 17.0.6+10-1, mixed mode, sharing)
$ /usr/local/openjdk17/bin/keytool -list -providername SUN  -storetype PKCS12 -storepass abc123 -keystore test_cert.p12 -v
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: 1
Creation date: 2 kwi 2023
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=bar, O=foo, L=SanJose, ST=California, C=US
Issuer: CN=bar, O=foo, L=SanJose, ST=California, C=US
Serial number: d4e70dc810558b38b4bb353f279c279b824c8b9
Valid from: Tue Mar 28 19:15:04 CEST 2023 until: Fri Aug 12 19:15:04 CEST 2050
Certificate fingerprints:
	 SHA1: 49:84:0A:4C:6F:65:80:CD:6D:83:8C:AC:BF:1A:E5:83:9C:B8:0C:33
	 SHA256: 44:91:10:AE:79:94:F3:A8:DA:E0:FD:C6:74:6F:3B:F8:36:22:E8:57:39:FA:C5:80:78:30:25:05:C6:31:1E:70
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3


#1: ObjectId: Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B6 46 3C 37 27 77 66 4B   8A B0 28 C3 79 A8 33 73  .F<7'wfK..(.y.3s
0010: FE 6B 92 C5                                        .k..

#2: ObjectId: Criticality=true
  PathLen: no limit

#3: ObjectId: Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B6 46 3C 37 27 77 66 4B   8A B0 28 C3 79 A8 33 73  .F<7'wfK..(.y.3s
0010: FE 6B 92 C5                                        .k..


The issue might be with the Bouncy Castle provider…

Confirmed, this is BC provider fails to load certain P12 keystores under Java 17 (pad block corrupted) · Issue #1018 · bcgit/bc-java · GitHub fixed in BouncyCastle release 1.70.

I have removed bcpkix-jdk15on-1.67.jar and vcprov-jdk15on-1.67.jar from the lib/ directory and replaced them with the newest release:

The SHA-256 of the files:

56a054cb170d41fb1f8ba0b29568806258b7ffefdc5e98b77ef96d4740f3d6bc bcpkix-jdk18on-172.jar
39287f2208a753db419f5ca529d6c80f094614aa74d790331126b3c9c6b85fda bcprov-jdk18on-172.jar
45377fdb6560a971eea725f507d91fd6b8fbd0797d61bfc86f2cb653c58186a4 bcutil-jdk18on-172.jar

Opening of your PKCS#12 file works for me now with OpenJDK 17 and the BC provider under scsh3.

Fixed in Smart Card Shell 3.17.587, available at

1 Like